III. REMARKS 

Claims 1-4, 6-14 and 16 were rejected under 35 USC 102(e) as being allegedly 
anticipated by Sasmazel et al, US 6,725,376 ("Sazmazel"). Claims 5 and 15 were rejected under 
35 USC 103(a) as allegedly being unpatentable over Sazmazel in view of Muratov et al, US 
Publication No. 2003/0097596. Applicant has herein amended claims 1, 7, and 11. No new 
matter is believed added. 

Applicant does not acquiesce in the correctness of the rejections and reserves the right to 
present specific arguments regarding any rejected claims not specifically addressed. Further, 
Applicant reserves the right to pursue the full scope of the subject matter of the claims in a 
subsequent patent application that claims priority to the instant application. 

Applicant respectfully submits that claims 1-4, 6-14 and 16 are allowable over Sazmazel 
because Sazmazel fails to teach each and every feature of the claimed invention. For instance, 
claim 1 (as well as claims 7 and 1 1) recites, inter alia, "a logical security system for processing 
login and password data received from a client device during a server session with the Internet 
server in order to authenticate a user; and a physical security system for processing Internet 
protocol (IP) address information of the client device at the Internet server." 

In other words, Applicant discloses a system that provides complete authentication using 
a single Internet server - i.e., the Internet server that is responsible for processing login and 
password data from the client is also responsible for collecting and comparing IP address 
information from the client. Conversely, Sasmazel discloses a two server system in which a first 
server (authentication server 350) is utilized to collect authentication information to create an e- 
ticket, and the second server (authentication server 360) uses the e-ticket to authenticate the user 
for a server session. Sasmazel teaches that the password and login information is only supplied 
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to the first server 350 (i.e., not the server with which the client seeks to have a session with). See 
Figure 6 and related text, column 8, lines 21-30. "[Authentication server 350 validates the user 
authentication information and generates an eticket 310." Column 8, lines 63-65. The eticket is 
then used by the second authentication server 360 to authenticate the user. However, Sasmazel's 
eticket does not include password and login information. Rather, it includes only, e.g., the ticket 
issuer, IP address, Expiration data, and authorization level (see, e.g., Figure 4 and related text at 
column 7, lines 27-60). Accordingly, Sasmazel fails to teach a logical security system for 
processing login and password data received from a client device during a server session with 
the Internet server in order to authenticate a user. 

As noted, the second server 360 of Sasmazel docs not check for login and password data. 
Instead Sasmazel teaches authenticating a user at second server 360 by "validating" the eticket 
by merely checking if the "hashing technique and public key operate to properly decrypt and 
rehash the eticket 310." (See column 9, lines 17-20.) In other words, Sasmazel authenticates a 
client by checking to see whether the eticket properly decrypts, not by comparing information in 
the eticket with information stored by the server (e.g., as recited in claims 3, 7 and 11). As such, 
Sasmazel also fails to teach "determining at the Internet server if the IP address from the 
received message matches the reference IP address associated with the login data of the 
requesting user" (claim 7) since, inter alia, Sasmazel does not teach or require any type of 
comparing or matching operation. Instead, Sasmazel's authentication is done merely by seeing if 
the eticket properly decrypts. 

Accordingly, for these reasons, Applicant submits that claims 1-4, 6-14 and 16 are 
allowable over Sazmazel. Claims 5 and 15 are believed allowable for similar reasons. Each of 
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the claims not specifically addressed herein is believed allowable for the reasons stated above, as 
well as their own unique features. 

Applicant respectfully submits that the application is in condition for allowance. If the 
Examiner believes that anything further is necessary to place the application in condition for 
allowance, the Examiner is requested to contact Applicant's undersigned representative at the 
telephone number listed below. 



Dated: 8/9/07 

Hoffman, Warnick & D'Alessandro LLC 

75 State Street 

Albany, NY 12207 

(518) 449-0044 - Telephone 

(518) 449-0047 - Facsimile 



Respectfully submitted, 




Michael F. Hoffman 
Reg. No. 40,019 
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